A Proposal for information security risk evaluation framework

سال انتشار: 1390
نوع سند: مقاله کنفرانسی
زبان: انگلیسی
مشاهده: 1,649

فایل این مقاله در 11 صفحه با فرمت PDF قابل دریافت می باشد

استخراج به نرم افزارهای پژوهشی:

لینک ثابت به این مقاله:

شناسه ملی سند علمی:

SASTECH05_150

تاریخ نمایه سازی: 22 مرداد 1391

چکیده مقاله:

Organizations are always facing different threats related to their informational possessions; however, they are extremely dependent to these possessions. Most informational systems are not basically safe and technical solutions are only a small part of the community solutions of comprehensive informational security, so Informational gathering is a necessary task and all organizations should recognize and know the threatening areas which potentially threaten them to do so.These threatening areas are determined via systematic analysis and security risks evaluation. And by recognizing the risks areas, suitable controls will be chosen in order to reduce the identified risks effects.So far, different methods and standards have been introduced to assess security, but none of them presents a systematic framework and method for assessing security and security risk optimum reduction.In this article a framework is presented to evaluate shortcomings, holes and security risks along with an algorithm for optimum choice of risks reduction controls.In the proposed framework standards and methods such as ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation, ISO/IEC 17799, ISO/IEC 27002 security standards, Microsoft threatening model process and Use Case Function Point are used

نویسندگان

Esmat Ali Mohammad Malayeri

Islamic Azad- NorthTehran Branch, Tehran Iran

مراجع و منابع این مقاله:

لیست زیر مراجع و منابع استفاده شده در این مقاله را نمایش می دهد. این مراجع به صورت کاملا ماشینی و بر اساس هوش مصنوعی استخراج شده اند و لذا ممکن است دارای اشکالاتی باشند که به مرور زمان دقت استخراج این محتوا افزایش می یابد. مراجعی که مقالات مربوط به آنها در سیویلیکا نمایه شده و پیدا شده اند، به خود مقاله لینک شده اند :
  • Mellado.D., Fernandez-M edina. E., M.Piattini. (2007). A common criteria based ...
  • Talukder. A. K., Chaitanya.M. (200 8).Architecting Secure Software System. ...
  • Shina.M.E, , Gomaa.H.(2007) , Software requirements and architecture modeling for ...
  • _ _ _ _ _ ling, and cohesion metris as ...
  • Veiga.Da., Eloff. J.H.P.(2010).A framework and assessment instrument for information security ...
  • ISO/IEC 17799:2005, International standard Organization, Information technology- Cod of practice ...
  • ISO/IEC 27002:2007, International standard Organization, Information technology- Cod of practice ...
  • SO/IEC _ 5 93 9 : 2007 (E), International standard, ...
  • Begnoche.L., Abran.A., Buglione. L.(2007) .A Measurement Approach Integrating ISO 15939, ...
  • ISO/IEC 15408-1 :2009-12-1 5, Information technology _security te chnique s_Evaluation ...
  • SO/IEC _ 5408-3 :2008-08- 15, Information technology _security tec hni ...
  • Sommestad .T., Ekstedt .M., Johnson .P.(2010). A probabilistic relational model ...
  • ISO/IEC _ 5408-3 :2008-08- 15, Information technology _security tec hni ...
  • Davami .F., Ali Mohammad Malayeri .E., Modiri .N.(2010).A Framework for ...
  • "sAsrech 201 1, Khavaran Higher-education Institute, Mashhad, Iran. May 12-14. ...
  • Davami .F., Ali Mohammad Malayeri .E., Modiri .N.(2010).A Framework for ...
  • Modiri .N., Davami .F., Ali Mohammad Malayeri .E.(20 10).Software Metric ...
  • _ _ standard, Software enginerig _ _ size me asurement ...
  • نمایش کامل مراجع